FedRAMP

FedRAMP

Overview

It is a certification program that allows federal agencies to use cloud providers for increasingly secure/sensitive government or government-adjacent data.

FedRAMP defines three categories regarding levels of security, Low, Moderate, and High.

The higher the security level the more restrictions are in place.

Box is already certified as FedRAMP Moderate and High.

Considerations

In order to be FedRAMP High compliant, your administrator must setup Box in very a very specific way. It is possible that the administrator has further restricted access to Box functionalities.

Consult with your administrator to identify security restrictions in place that might affect the usage of the API.

API usage in FedRAMP High

For FedRAMP high, Box uses a specific domain, box-gov.com and this affects all API's entry points.

FedRAMP ModerateFedRAMP High
account.box.comaccount.box-gov.com
api.box.comapi.box-gov.com
upload.box.comupload.box-gov.com
dl.boxcloud.comdl-frh.boxcloud.com
realtime.services.box.netrealtime.services.box-gov.com

API Restrictions

The following API entry points are not yet available for usage under FedRAMP High configuration.

API Entry point
/sign_requests
/signrequests/{signrequest_id}
/signrequests/{signrequest_id}/cancel
/signrequests/{signrequest_id}/resend